What is Phishing?
Phishing is a criminal tactic that uses disguised email, text and voice messages as a weapon to steal data and money from unsuspecting recipients. These types of attacks are launched daily and are coordinated by professional scammers. Scammers use these spoofing techniques to lure victims in and trick them into giving out personal information such as banking and credit card account numbers, passwords, and other sensitive data like a social security number. Phishing schemes have evolved into sophisticated variations, but the main goal is always for the criminal to gain access to information they can use to commitment a fraudulent act.
Types of Phishing Schemes
- Smishing– scammers trick you into giving them your private information via a text or SMS message.
- Vishing– phone calls or voice mails from scammers trying to retrieve your private information.
- Email– scammers send an email that appears to be from a legitimate company or someone you may know and asks you to update or verify your personal information by replying to the email or clicking a link. The email may be convincing enough to get you to take the action requested.
- Pharming– a scam involving malicious code and fraudulent websites. Scammers install malicious code on your computer or server to redirect you to bogus websites without your knowledge or consent. The website may look nearly identical to the real thing – like your bank or credit card site – and requests you to enter sensitive information like passwords, credit card numbers, banking PINs, etc. These fake websites are used solely to steal your information.
How to Recognize a Phishing Attack
A Phishing message can be sent in many forms. They are designed to look like they are from a company you know and trust such as a bank, a credit card company, a social networking site, an online payment website, or an online store. Scammers update their tactics and strategies often, but there are signs to look for that can help you identify a phishing attack. If you receive a message that seems unfamiliar and raises suspicion, this is one of the first clues that this may be a spoofed message…be cautious and look for other indications that would suggest you proceed with caution such as:
- bad grammar, misspelled words, and whether your name is missing from the email
- questions asking for your personal information
- is it from a company you have an account with or not
- who is the message from, who is it addressed to, and is the date accurate plus consider the email subject, attachments, hyperlinks and most importantly, the content of the message
These types of messages often tell a “story” that sounds believable in order to encourage the victim to click on a link or open an attachment. The message may contain any of the following:
- it is warning you of a problem with your account such as suspicious activity, numerous log-in attempts or an issue with your payment information
- it asks you to provide your user name, password or personal information
- it offers incentives if you “click here” such as free cash, coupons, or an all-expenses paid vacation. As nice as those prizes may sound – if it seems too good to be true, it probably is!
To sound even more convincing, these messages may contain a sense of urgency or threaten you to act quickly so your account is not suspended.
How to Protect Yourself from a Phishing Attack
Although scammers constantly come up with new approaches and techniques, there are some things you can do to prevent becoming a phishing statistic. Be sure to back up your data often and protect your computer and other devices by using security software. To ensure your devices are protected by the most up-to-date software, set the software to update automatically. Use multi-factor authentication, extra security that requires two or more credentials to log in to your account. The additional credentials can be a passcode you receive via test message or a scan of your fingerprint or face. These features are extra secure and make it harder for scammers to hack your account with only your username and password.
How to Report a Phishing Attack
If you receive a phishing email or text message, it’s very important to report it to the appropriate organizations. Follow the steps below and be sure to provide all of the information you have to better assist in the fight against scammers.
Step 1. Forward phishing emails to spam at uce dot gov and to the Anti-Phishing Work Group at reportphising at apwg dot org. Forward a phishing text message to SPAM (7726).
Step 2. Report the phishing attack to the FTC at: ftc.gov/complaint
Step 3. File a report with the FBI at: ic3/gov
Step 4. Contact your financial institution if your bank account has been compromised
Unfortunately, scammers will continue to target consumers any way they can, but by being alert and aware of their tactics, you can make sure that you don’t become a victim. As your financial services partner, we are dedicated to protecting all of our customers. Lakeland Bank will never contact you via text, email or phone to ask for any personal or bank account information and ask you to call us to submit when you need to submit this information. And you should report any suspicious emails from the Bank by calling 866-224-1379.
For additional information on protecting yourself and your personal information, refer to our Identity Theft Information Center.
Social networks are a playground for hackers, and they know how to use the information people publicly share to their advantage, but you can learn how to protect your identity in this blog.
